CNNVD-202602-1045 Information

Feb 06, 2026 cve

CNNVD ID

CNNVD-202602-1045

CVE-2026-2010

CNNVD Published: 2026-02-06

Description (Chinese)

PublicCMS是中国PublicCMS公司的一套使用Java语言编写的开源内容管理系统（CMS）。 PublicCMS存在授权问题漏洞，该漏洞源于对组件Trade Payment Handler中文件publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java内函数Paid的参数paymentId的错误操作，可能导致授权不当。

Description (English)

PublicCMS is an open-source content management system (CMS) developed in Java by PublicCMS, China. There is a mandate gap in PublicCMS, which stems from an error in the performance of the parameters of PaymentId, the intra-Trade Trade Payment Service.java function, in the document publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/tradePaymentService.java, which may lead to improper authorization.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

PublicCMS

Published

2026-02-06

Last Modified

2026-02-24

References

https://github.com/sanluan/PublicCMS/ https://github.com/sanluan/PublicCMS/commit/7329437e1288540336b1c66c114ed3363adcba02 https://github.com/sanluan/PublicCMS/issues/108 https://github.com/sanluan/PublicCMS/issues/108#issue-3838143772 https://vuldb.com/?ctiid.344592 https://vuldb.com/?id.344592 https://vuldb.com/?submit.743487

Share on: